| AuthorizationCodeReusePreventingDecorator | Enhances token processing by revoking tokens associated with previously used authorization codes, preventing authorization code reuse in compliance with OAuth 2.0 security best practices. |
| TokenAuthorizationContextEvaluator | Default ITokenAuthorizationContextEvaluator: narrows the originally granted scope and resource sets to the intersection with what the token request asks for (RFC 6749 §6 / RFC 8707 §2.2), and, when the client authenticated via mTLS, derives the RFC 8705 §3 cnf.x5t#S256 certificate thumbprint to bind the issued tokens. |
| TokenHandler | Manages the processing of token requests according to OAuth 2.0 and OpenID Connect specifications. This includes validating the request for compliance with the protocol requirements and processing it to issue, renew or exchange tokens as appropriate. |
| TokenRequestProcessor | Default ITokenRequestProcessor: always issues an access token (RFC 6749 §5.1), adds a refresh token when offline_access is in the granted scope (OIDC Core 1.0 §11), and adds an ID token when openid is in scope (OIDC Core 1.0 §3.1.3.3, with at_hash computed from the issued access token). |
| TokenRequestValidator | Validates token requests against OAuth 2.0 specifications, ensuring that requests are properly formed and authorized. This class plays a critical role in the OAuth 2.0 authentication and authorization process by verifying the integrity and authenticity of token requests, according to the framework defined in RFC 6749. |